From the looks of it, “origin” header plays a role in auth0’s cloudflare configuration, so using an alias for hostname, and adding it to CORS settings in admin panel would be a temporary solution to bypass cloudflare cache. Testing it now.
This, of course, would be only relevant for teams that can rename the service URL.
UPD: confirmed that it worked